© Copyright 2024, Intel Corporation
This module creates an Azure virtual machine on Intel Icelake (for Intel Non-TDX VMs) and Sapphire Rapids CPUs (for Intel Confidential Compute VMs with Intel TDX) on Linux Operating System. The virtual machine is created on an Intel Icelake Standard_D2_v5 by default and if using Intel Confidential Computing VMs with Intel TDX the default will be Intel Sapphire Rapids Standard_DC2es_v5.
As you configure your application's environment, choose the configurations for your infrastructure that matches your application's requirements.
In this example, the virtual machine is using a preconfigured network interface, subnet, and resource group. The tags Name, Owner and Duration are added to the virtual machine when it is created.
We have now included example for provisioning Intel Confidential VMs with TDX- see "azure-linux-tdx-vm" and "azure-rhel-tdxvm" example folders.
See examples folder for code ./examples/azure-linux-vm-spot-vm/main.tf
Example of main.tf
# Example of how to pass variable for virtual machine password:
# terraform apply -var="admin_password=..."
# Environment variables can also be used https://www.terraform.io/language/values/variables#environment-variablesvariables.tf
variable "admin_password" {
type = string
default = null
sensitive = true
}main.tf
module "azurerm_linux_virtual_machine" {
source = "intel/azure-linux-vm/intel"
azurerm_resource_group_name = "terraform-testing-rg"
azurerm_virtual_network_name = "vm-vnet1"
virtual_network_resource_group_name = "terraform-testing-rg"
vm_name = "redhat8-vm01"
os_disk_name = "value"
azurerm_network_interface_name = "redhat8-nic01"
azurerm_subnet_name = "default"
admin_password = var.admin_password
source_image_reference = {
"offer" = "RHEL"
"sku" = "8-LVM-gen2"
"publisher" = "RedHat"
"version" = "latest"
}
tags = {
"owner" = "[email protected]"
"duration" = "1"
}
}
Run Terraform
terraform init
terraform plan
terraform applyNote that this example may create resources. Run terraform destroy when you don't need these resources anymore.
When admin_password is specified disable_password_authentication must be set to false.
Either admin_password or admin_ssh_key must be specified.
The virtual machine is using a preconfigured network interface, subnet, and resource group.
To use the Intel Confidential VMs with TDX see the "azure-linux-tdx-vm" example.
| Name | Version |
|---|---|
| azurerm | ~>3.86 |
| Name | Version |
|---|---|
| azurerm | ~>3.86 |
No modules.
| Name | Type |
|---|---|
| azurerm_linux_virtual_machine.linux_vm | resource |
| azurerm_network_interface.nic | resource |
| azurerm_resource_group.rg | data source |
| azurerm_storage_account.example | data source |
| azurerm_subnet.example | data source |
| azurerm_virtual_network.vnet | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| admin_password | The Password which should be used for the local-administrator on this virtual machine | string |
n/a | yes |
| admin_ssh_key | n/a | list(any) |
[] |
no |
| admin_username | The username of the local administrator used for the virtual machine | string |
"adminuser" |
no |
| azurerm_network_interface_name | The name of the network interface. Changing this forces a new resource to be created | string |
"nic1" |
no |
| azurerm_resource_group_name | Name of the resource group to be imported | string |
n/a | yes |
| azurerm_storage_account_name | The name of the storage account to be used for the boot_diagnostic | string |
null |
no |
| azurerm_subnet_name | The name of the preconfigured subnet | string |
n/a | yes |
| azurerm_virtual_network_name | Name of the preconfigured virtual network | string |
n/a | yes |
| custom_data | The Base64-Encoded Custom Data which should be used for this Virtual Machine. Changing this forces a new resource to be created. | string |
null |
no |
| disable_password_authentication | Boolean that determines if password authentication will be disabled on this virtual machine | bool |
false |
no |
| disk_size_gb | The size of the internal OS disk in GB, if you wish to vary from the size used in the image this virtual machine is sourced from | string |
null |
no |
| enable_boot_diagnostics | Boolean that determines if the boot diagnostics will be enabled on this virtual machine | bool |
true |
no |
| encryption_at_host_flag | Enables OS Disk Encryption at Host - recommended for TDX Confidential Compute VM | bool |
false |
no |
| eviction_policy | Specifies what should happen when the Virtual Machine is evicted for price reasons when using a Spot instance. Possible values are Deallocate and Delete | string |
null |
no |
| identity | n/a | object({ |
{} |
no |
| ip_configuration_name | A name for the IP with the network interface configuration | string |
"internal" |
no |
| ip_configuration_private_ip_address_allocation | The allocation method used for the private IP address. Possible values are Dynamic and Static | string |
"Dynamic" |
no |
| ip_configuration_public_ip_address_id | Reference to a public IP address for the NIC | string |
null |
no |
| max_bid_price | The maximum price you're willing to pay for this virtual machine, in US Dollars; which must be greater than the current spot price. If this bid price falls below the current spot price the virtual machine will be evicted using the eviction_policy | string |
"-1" |
no |
| os_disk_caching | The type of caching which should be used for the internal OS disk. Possible values are 'None', 'ReadOnly' and 'ReadWrite' | string |
"ReadWrite" |
no |
| os_disk_name | The name which should be used for the internal OS disk | string |
"os_disk1" |
no |
| os_disk_storage_account_type | The type of storage account which should back this the internal OS disk. Possible values include Standard_LRS, StandardSSD_LRS and Premium_LRS | string |
"Premium_LRS" |
no |
| priority | Specifies the priority of this virtual machine. Possible values are Regular and Spot. Defaults to Regular | string |
"Regular" |
no |
| secure_boot_flag | Enables Secure Boot- recommended TDX Confidential Compute VM | bool |
false |
no |
| source_image_id | Used for Custom Compute Gallery Images. The ID of the image used to create the virtual machine | string |
null |
no |
| source_image_reference | n/a | map(any) |
null |
no |
| tags | A mapping of tags to assign to the resource | map(any) |
{} |
no |
| tdx_flag | Determines whether a VM is TDX Confidential Compute VM | bool |
false |
no |
| virtual_machine_size | The SKU that will be configured for the provisioned virtual machine | string |
"Standard_D2s_v5" |
no |
| virtual_network_resource_group_name | Name of the resource group of the virtual network | string |
n/a | yes |
| vm_name | The unique name of the Linux virtual machine | string |
"vm1" |
no |
| write_accelerator_enabled | Should write accelerator be enabled for this OS disk? Defaults to false | bool |
false |
no |
| Name | Description |
|---|---|
| admin_username | Virtual machine admin username |
| identity | Identity configuration associated with the virtual machine |
| location | Location where the virtual machine will be created |
| name | Virtual machine name |
| network_interface_ids | List of network interface IDs that are attached to the virtual machine |
| os_disk | Disk properties that are attached to the virtual machine |
| resource_group_name | Name of the resource group |
| size | The SKU for the virtual machine |
| storage_account_tier | Tier to identify the storage account associated with the virtual machine |
| tags | Tags that are assigned to the virtual machine |
| virtual_machine_id | ID assigned to the virtual machine after it has been created |